Welcome to Geeks to Go - Register now for FREE

routing.exe, perfs.exe, various .dlls



#46
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Those errors are from some of your services and/or files getting corrupted due to the malware.
We will attempt to fix them when your log is clean.
=========================================================
*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then I will need you to show hidden Files\Folders.
To do this:
*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Show hidden files and folders.
*Uncheck the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK

After that, using Windows Explorer (to get there, right-click your Start button and go to "Explore"), delete these files listed below:

C:\WINDOWS\system32\new2.exe
C:\WINDOWS\system32\_reproxy.dll

Now close Windows Explorer.

Now reset your hidden files\folders to hidden.
To do this:
*Click Start.
*Open My Computer.
*Select the Tools menu and click Folder Options.
*Select the View Tab.
*Under the Hidden files and folders heading select Do not Show hidden files and folders.
*Check the Hide protected operating system files (recommended) option.
*Click Yes to confirm.
*Click OK
========================
Reboot into normal mode and post a new dss log.
  • 0

#47
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Here you go.

Deckard's System Scanner v20071014.68
Run by Parent on 2008-08-11 18:41:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Parent.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41, on 2008-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Parent\My Documents\larryhadalittlelamb\Deckard System Scanner (temp).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Parent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [is-G3LVJ] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe"
O4 - HKLM\..\Run: [is-MV4MS] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe"
O4 - HKLM\..\Run: [is-QRV79] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} (InstallShield Setup Player V11) - http://ea-land.ea.co...stall/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1179847293578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CS2\Services\Tcpip\..\{23B86ABE-1DB6-474D-8187-F3F0255B8C0F}: NameServer = 68.87.75.194,68.87.64.146
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c8e20299b95e4) (gupdate1c8e20299b95e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: is-G3LVJ - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe (file missing)
O23 - Service: is-MV4MS - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe (file missing)
O23 - Service: is-QRV79 - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 11079 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 18:35:54 221216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-10 10:40:35 0 d-------- C:\Program Files\MBAM
2008-08-08 19:14:40 68096 --a------ C:\WINDOWS\zip.exe
2008-08-08 19:14:40 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-08 19:14:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-08 19:14:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-08 19:14:40 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-08 19:14:40 98816 --a------ C:\WINDOWS\sed.exe
2008-08-08 19:14:40 80412 --a------ C:\WINDOWS\grep.exe
2008-08-08 19:14:40 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-08 18:52:28 0 d-------- C:\Program Files\Trend Micro
2008-08-08 18:40:17 0 d--hs---- C:\WINDOWS\CSC
2008-08-08 12:59:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-08 12:58:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-08 10:38:56 0 d-------- C:\Program Files\Alwil Software
2008-08-07 19:06:09 0 --a------ C:\WINDOWS\system32\39866AC4
2008-07-24 17:07:27 0 d-------- C:\Program Files\Phun
2008-07-20 23:17:45 0 d------c- C:\AudioConverter
2008-07-20 23:16:51 0 d-------- C:\Program Files\easetech
2008-07-20 20:07:10 0 d------c- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-20 20:07:01 0 d-------- C:\Program Files\Security Task Manager
2008-07-19 14:59:28 0 d-------- C:\Program Files\Pyra Productions
2008-07-19 14:07:45 0 d-------- C:\Program Files\Easy Icon Maker
2008-07-18 16:34:44 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2008-07-16 15:16:48 0 d-------- C:\Program Files\QuickTime
2008-07-16 15:13:55 0 d-------- C:\Program Files\Apple Software Update
2008-07-16 15:13:54 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-08-11 18:39:40 0 d-------- C:\Program Files\Steam
2008-08-11 09:38:55 0 d-------- C:\Program Files\mIRC
2008-08-10 13:43:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 13:42:14 0 d-------- C:\Documents and Settings\Parent\Application Data\DNA
2008-08-08 19:17:08 0 d-------- C:\Program Files\Common Files
2008-08-06 08:35:38 0 d-------- C:\Program Files\McAfee
2008-08-01 17:23:19 0 d-------- C:\Program Files\Google
2008-07-07 23:36:17 103424 --a------ C:\WINDOWS\system32\nUI_nat.dll <Not Verified;  ; nUI>
2008-07-06 11:37:21 0 d-------- C:\Program Files\Rocks'n'Diamonds
2008-07-05 18:34:12 0 d-------- C:\Documents and Settings\Parent\Application Data\Teeworlds
2008-07-05 14:12:09 0 d-------- C:\Program Files\Image-Line
2008-07-05 14:11:26 0 d-------- C:\Program Files\VstPlugins
2008-07-05 14:09:34 0 d-------- C:\Program Files\ASIO4ALL v2
2008-07-05 14:07:10 0 d-------- C:\Program Files\Outsim
2008-07-03 18:33:11 0 d-------- C:\Documents and Settings\Parent\Application Data\NBOS
2008-07-03 18:33:09 0 d-------- C:\Program Files\nbos
2008-07-03 17:31:19 0 d-------- C:\Documents and Settings\Parent\Application Data\.crossfire
2008-07-03 17:30:30 0 d-------- C:\Program Files\Crossfire GTK Client
2008-07-03 17:28:50 0 d-------- C:\Program Files\Common Files\GTK
2008-07-03 15:47:11 0 d-------- C:\Documents and Settings\Parent\Application Data\uk.co.planetside
2008-07-03 15:44:05 0 d-------- C:\Program Files\Terragen
2008-06-29 21:19:34 0 d-------- C:\Program Files\LEGO Company
2008-06-26 17:32:44 0 d-------- C:\Documents and Settings\Parent\Application Data\SPORE Creature Creator
2008-06-26 15:15:17 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-26 14:57:38 0 d-------- C:\Program Files\Clonk Endeavour
2008-06-26 14:56:00 0 d-------- C:\Documents and Settings\Parent\Application Data\Clonk
2008-06-21 23:31:55 0 d-------- C:\Program Files\KoolMoves Demo
2008-06-21 20:11:49 0 d-------- C:\Program Files\ProcedurallyGeneratedGames
2008-06-20 17:33:53 0 d-------- C:\Documents and Settings\Parent\Application Data\Malwarebytes
2008-06-20 13:41:10 245248 --a------ C:\WINDOWS\system32\mswsock.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-18 22:04:43 0 dr-h----- C:\Documents and Settings\Parent\Application Data\SecuROM
2008-06-18 22:02:47 0 d-------- C:\Program Files\Electronic Arts
2008-06-18 22:02:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 21:32:38 1504 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-18 17:13:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-18 17:13:17 0 d-------- C:\Documents and Settings\Parent\Application Data\Mozilla
2008-06-18 16:21:17 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-16 18:44:48 0 d-------- C:\Documents and Settings\Parent\Application Data\IEPro
2008-06-16 18:05:18 0 dr------- C:\Documents and Settings\Parent\Application Data\SpaceTime 3D
2008-06-12 23:08:04 0 d-------- C:\Program Files\Audacity
2008-06-12 11:09:52 0 d-------- C:\Program Files\PyraProductions
2008-06-12 10:43:28 0 d-------- C:\Program Files\Install Creator
2008-06-06 19:52:04 54864 --a------ C:\WINDOWS\War3Unin.dat
2008-06-06 19:51:30 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-06 19:51:30 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-04 10:50:45 185344 --a------ C:\WINDOWS\patchw32.dll
2008-06-02 15:27:47 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-06-02 15:27:47 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-05-28 22:19:00 174 --a------ C:\WINDOWS\Palace.reg
2008-05-27 23:14:29 1024 --a------ C:\Documents and Settings\Parent\Application Data\WavCodec.wff


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25D596E9-BD03-4D4A-8310-5DF3B31E8D26}]
2008-07-31 16:58 184816 --a----t- C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2002-12-31 08:00 C:\WINDOWS\RTHDCPL.EXE]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2008-01-22 23:09]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2008-01-22 23:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 09:57]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50]
"is-G3LVJ"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe" []
"is-MV4MS"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-MV4MS\is-MV4MS.exe" []
"is-QRV79"="C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-QRV79\is-QRV79.exe" [2008-06-07 15:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 08:17]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]
"Steam"="c:\program files\steam\steam.exe" [2008-04-19 19:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 08:00]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 18:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E60A0B68-2F3C-A1D2-A901-9381E036D21A}"= C:\WINDOWS\system32\Karna2Drv.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10a77790-f28e-11db-b04b-806d6172696f}]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cba5d2d-f4cd-11db-b3ec-806d6172696f}]
AutoRun\command- D:\ltree\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e63f5ad-087b-11dc-9ac1-806d6172696f}]
AutoRun\command- D:\ltree\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9323aad-f3fe-11db-b907-806d6172696f}]
AutoRun\command- D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec46b1ad-19d1-11dc-ad3e-806d6172696f}]
AutoRun\command- D:\ltree\autorun\autorun.exe

*Newly Created Service* - IS-MV4MS
*Newly Created Service* - IS-QRV79



-- End of Deckard's System Scanner: finished at 2008-08-11 18:43:04 ------------


Ignore the high memory usage. During the DSS scan my computer was still starting up most things, and I was constantly closing the SVCHOST errors.

Edited by Mechana, 11 August 2008 - 07:25 PM.

  • 0
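To show how a helper reads a HijackThis log like the one posted above, here is an added triage script; it is my example, not part of HijackThis, DSS or this thread. It parses the O4 autostart and O23 service lines and flags the entries worth a second look: a service whose binary is (file missing), an entry where HijackThis printed Unknown owner, and an autostart that runs from a user-writable profile folder. The heuristics and wording are mine, and a flag means "review this", not "this is malware".

```python
"""Triage of HijackThis v2 log lines (O4 autostarts and O23 services).

Added example for this thread; it is not part of HijackThis, DSS or the forum
post. The sample lines are copied from the log posted above, and the
heuristics are the reviewer's own: a flag means "review this", not "malware".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few O4/O23 lines taken from the posted HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [is-G3LVJ] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4065617495-334337264-2154702590-1003\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent (User '?')
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: is-G3LVJ - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\is-G3LVJ\is-G3LVJ.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <display name> - <company from version info> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")   # HKUS entries carry this tail
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)', re.I)

# Folders an ordinary XP user can write to; an autostart living there deserves a look.
USER_WRITABLE = ("\\documents and settings\\", "\\desktop\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    section: str          # "O4" or "O23"
    name: str             # Run value name or service display name
    path: str             # executable the entry points at
    reasons: list = field(default_factory=list)


def autostart_path(cmd: str) -> str:
    """Pull the executable out of an O4 command line.

    Handles a quoted path, an unquoted path with spaces followed by switches
    (mcagent.exe /runkey), and a bare filename resolved via %PATH% (RTHDCPL.EXE).
    """
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def triage(lines):
    """Return one Finding per O4/O23 line that trips a heuristic, in log order."""
    parsed = []
    missing = set()      # lower-cased paths of services whose binary is gone
    for line in lines:
        line = line.rstrip()
        m = O23_RE.match(line)
        if m:
            parsed.append(("O23", m))
            if m["missing"]:
                missing.add(m["path"].lower())
            continue
        m = O4_RE.match(line)
        if m:
            parsed.append(("O4", m))

    findings = []
    for kind, m in parsed:
        if kind == "O23":
            f = Finding("O23", m["display"], m["path"])
            if m["missing"]:
                f.reasons.append("service binary missing: orphaned entry or removed loader")
            if m["owner"].lower() == "unknown owner":
                f.reasons.append("no company name in the file's version info")
        else:
            path = autostart_path(m["cmd"])
            f = Finding("O4", m["name"], path)
            low = path.lower()
            if any(marker in low for marker in USER_WRITABLE):
                f.reasons.append("autostart from a user-writable profile folder")
            if low in missing:
                f.reasons.append("same binary is also a service marked (file missing)")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{f.section:<3} {f.name}: {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the full log above it would also surface the is-MV4MS and is-QRV79 pairs; entries that share a path between an O4 Run value and a missing O23 service are exactly the kind kahdah's "(file missing)" lines point at.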

#48
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Do all of the following in normal mode.

Download this next tool, unzip it, then place it on your CD:

http://djlizard.net/...-v0.60.0.24.zip

Double click Dial-a-fix.exe to start the program.
Next place a check mark next to the Fix SSL\HTTPS\Cryptsvc button.
Then click on GO at the bottom.
Let it do its job; you will see some small blue bars in the bottom right-hand corner to signify that it is working.
When it is done it will say Ready in the bottom left-hand corner.

Then reboot and let me know if everything is back to normal.
  • 0

#49
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I found out that I can now download files when I just downloaded Dial-A-Fix.

I see no noticeable changes, though. svchost still gives me errors, my system clock is still in incorrect Army Time, open windows still don't show in the taskbar, and the window style is still Windows Classic.
  • 0

#50
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you copy and paste now?
I will need you to be more specific on the svchost errors.
Can you tell me exactly what it says?
  • 0

#51
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I still cannot copy/paste.

Here is the svchost error:

"The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program"

Edited by Mechana, 11 August 2008 - 07:54 PM.

  • 0

#52
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Try this for the no copy and paste.
Double click on Dial-a-fix, go to the bottom where it says Policies, click that button and choose Rescan.
If anything is listed, highlight it and click Remove.
If nothing is listed, then with Dial-a-fix still open click on the little hammer at the bottom.
Highlight Repair permissions then click on Go.

After that reboot and let me know if anything changes.
  • 0

#53
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
It took about 5-10 minutes to fix it. I restarted and copy/paste still doesn't work.


I believe that all of these problems are caused by the virus deleting the files that controlled copy/paste, parts of the system clock, parts of the taskbar, and the system styles.
  • 0

#54
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes I know that it has caused this.

  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
=================================
Then:
Please download the XP2NetSvc.zip.
Extract the contents to your desktop please.
A file XPSP2_Netsvcs.reg should now be present. Please double click on the file and choose yes when it asks you if you want to merge it with your registry.
==========================
After that, reboot.

Then download GMER from Here:
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
  • 0

#55
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-12 10:49:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF24549AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF2454958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF245496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF24549EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF2454930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF2454944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF24549BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF2454996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF2454982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF2454A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF2454A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF24549D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0007007D
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F92
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0007005B
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070FB9
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F50
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070F6D
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700B3
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 000700D8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070040
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070098
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070F35
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00060FC0
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00060025
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0006007D
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00060062
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B50F52
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B50F63
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B50F80
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B50F9B
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B50F1C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B50064
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B50ECB
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B50EDC
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B50EB0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B50022
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B50F2D
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B50011
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B50FCA
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B50F01
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B4001B
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B40F79
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B40FCA
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B40036
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B40F94
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B40FE5
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B40FA5
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1392] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1392] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BA003B
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BA0F46
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BA0F57
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BA0F9E
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BA0F1F
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BA0067
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BA0EEC
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BA0EFD
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BA00A0
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BA0F83
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BA0056
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BA000A
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\Explorer.EXE[1784] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BA0F0E
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B8001B
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B80073
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B80FCA
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B80000
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B80058
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B8003D
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\Explorer.EXE[1784] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B8002C
.text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00B90000
.text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00B90011
.text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenUrlW 780BAEA1 5 Bytes JMP 00B90022
.text C:\WINDOWS\Explorer.EXE[1784] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 00DD0FEF

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000

---- EOF - GMER 1.0.14 ----
  • 0
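The `.text` entries in the GMER log above are user-mode inline hooks: the first 5 bytes of an exported API inside a process have been overwritten with a JMP to another address. Two things in the log matter to whoever reviews it. The mcproxy.exe hooks carry a trailing owner module and vendor description, because GMER could map the JMP target back to a file on disk. The hooks in services.exe, lsass.exe and Explorer.EXE carry no owner at all, and their targets cluster in low 64 KB-aligned regions (0x0004xxxx, 0x0006xxxx, 0x0007xxxx, 0x00Bxxxxx), which is what memory not backed by any image looks like. The script below is an added example, not part of this thread and not GMER's own code: it parses hook lines in that format, separates attributed from unattributed hooks, and groups the unattributed targets by 64 KB region per process. The region grouping is my heuristic for spotting a per-DLL trampoline table; the sample input is a handful of lines copied from the log above, and only the `n Bytes JMP target` form is handled (other GMER hook notations are skipped).

```python
import re
from collections import defaultdict

# GMER user-mode hook line, as seen in the log above:
# .text <process>[<pid>] <module>!<export> <address> <n> Bytes JMP <target> [<owner path> (<description>)]
# The owner path and description are present only when GMER could attribute the target to a module.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>\S+)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>\S+)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Sample input: lines copied from the GMER log in this thread, plus one section header
# to show that non-hook lines are ignored.
SAMPLE_LOG = r""".text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B50F01
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1392] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1784] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00B90000
---- Devices - GMER 1.0.14 ----
"""


def parse_hooks(log_text):
    """Return one dict per '.text ... JMP' hook line; other lines are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["address"] = int(h["address"], 16)
        h["target"] = int(h["target"], 16)
        # Heuristic (my assumption): trampolines for one hooked DLL tend to share a
        # 64 KB-aligned allocation, so the region base is a handy grouping key.
        h["region"] = h["target"] & 0xFFFF0000
        hooks.append(h)
    return hooks


def unattributed(hooks):
    """Hooks whose JMP target GMER could not map to a module on disk."""
    return [h for h in hooks if h["owner"] is None]


def summarize(hooks):
    """Per-process counts and the set of unattributed target regions."""
    summary = defaultdict(lambda: {"pid": None, "hooks": 0, "unattributed": 0, "regions": set()})
    for h in hooks:
        s = summary[h["process"]]
        s["pid"] = h["pid"]
        s["hooks"] += 1
        if h["owner"] is None:
            s["unattributed"] += 1
            s["regions"].add(h["region"])
    return dict(summary)


def report(log_text):
    """Human-readable lines, one per process, for a quick read of a log."""
    lines = []
    for process, s in summarize(parse_hooks(log_text)).items():
        regions = ", ".join("0x%08X" % r for r in sorted(s["regions"])) or "none"
        lines.append(
            "%s[%d]: %d hooks, %d unattributed, target regions: %s"
            % (process, s["pid"], s["hooks"], s["unattributed"], regions)
        )
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
    for h in unattributed(parse_hooks(SAMPLE_LOG)):
        print("  unattributed: %s!%s in %s -> 0x%08X" % (h["module"], h["export"], h["process"], h["target"]))
```

Run it against a whole saved GMER log (read the file and pass its text to `report`) and the processes with unattributed hooks stand out immediately; hooks attributed to a vendor module, like the McAfee ones here, are listed with their owner and can be cross-checked against installed software.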


#56
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Has anything changed system wise?
  • 0

#57
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Not that I can tell. Should I have rebooted after running GMER?
  • 0

#58
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
No Copy\paste function yet?
Are there any more svchost errors?
  • 0

#59
Mechana

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Still can't copy/paste. I can copy/paste text (always could), but anything other than that has Paste grayed out. SVCHOST still gives me plenty of errors.


Is it safe to enter passwords and transfer files? I want to back up my important files ASAP. I have a 100 GB backup USB drive that I can copy them to.

Edited by Mechana, 12 August 2008 - 01:46 PM.

  • 0

#60
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Is the copy\paste problem specific to a program you are using, such as Internet Explorer\Firefox?
Does it only happen when you try to copy files\folders?

==========================================
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10a77790-f28e-11db-b04b-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cba5d2d-f4cd-11db-b3ec-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e63f5ad-087b-11dc-9ac1-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9323aad-f3fe-11db-b907-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec46b1ad-19d1-11dc-ad3e-806d6172696f}]
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and post a new dss log.
=========================================
It should now be safe to transfer files over.
Enter passwords as well.
  • 0





